SuSE9 Security Update : telnet (YOU Patch Number 10238)
High Nessus Plugin ID 41074
SynopsisThe remote SuSE 9 host is missing a security-related patch.
DescriptionThe telnet client protocol can be abused by a malicious server to read the environment of the client site. The information can be used as preparation for further attacks. This bug can also be exploited by using the telnet:// URL on a web-site and letting the web-browser fork a telnet client. This bug was reported by iDEFENSE [IDEF0865].
Note that this patch changes the behaviour of the telnet client regarding the rule of exported environment variables. Please consult the man page for further details.
SolutionApply YOU patch number 10238.